flash

CEsezvn5.exe

Status: finished
Submission Time: 15.09.2020 15:13:15
Malicious
Trojan
Evader
Nanocore

Comments

Tags

  • exe
  • NanoCore

Details

  • Analysis ID:
    285723
  • API (Web) ID:
    466574
  • Analysis Started:
    15.09.2020 15:50:18
  • Analysis Finished:
    15.09.2020 15:59:29
  • MD5:
    6d5aa4c20470b9cb865a8e2feacda571
  • SHA1:
    287f44407fc1495b9a41262d82c6d8ef9e08e4f7
  • SHA256:
    e526eb649ee6c8fe974afbd1fcd3ed6a8e27d6fb27b3ba96185d8ab0d8327b42
  • Technologies:
Full Report Engine Info Verdict Score Reports

malicious

System: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
58/67

malicious
28/29

malicious

IPs

IP Country Detection
194.5.97.98
Netherlands

Domains

Name IP Detection
getmoney3004.duckdns.org
194.5.97.98

Dropped files

Name File Type Hashes Detection
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log
ASCII text, with CRLF line terminators
#
Click to see the 1 hidden entries
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
data
#